EhStorAuthn[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

EhStorAuthn.exe
Size

126KB
MD5

9657c921dc6703de71288c1be50a7826
SHA1

2d1dd4b8abbed219fdd9938144284e75f13f8396
SHA256

f7a1acf775987523b769f2c5e389bc0b6bcb2dc8d80b3ea0f76c1014e824b3c1
SHA512

2207e351704909b6c84661a8baceecaa48f6053c3f2885143ec288547378b45e1dd1a6d199995f1cc146de13ee06b47215087169ac0102577a0a325519679a86
SSDEEP

1536:/tUJVgNnVqfBDkNe0XZ28Pmj/YQq2hKxyy2L5IIw0oeomgPHA5kG9mQ7N6wMkNa:/+yqfBD18uTzvPL2b0oxPxQZDFcZIZR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EhStorAuthn.exe

Files

EhStorAuthn.exe
.exe windows x64

781d28469bb74d268eaf05bbbb5da822

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
RegQueryValueExW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

kernel32

Sleep
LocalAlloc
LockResource
WideCharToMultiByte
WaitForSingleObject
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
FreeResource
FindResourceW
LoadResource
CreateThread
CreateFileW
LocalFree
GetLastError
CloseHandle

gdi32

DeleteObject
SetTextColor
SetBkColor
CreateFontIndirectW
CreateSolidBrush

user32

SetActiveWindow
FindWindowExW
GetWindowTextLengthW
GetParent
KillTimer
GetSysColor
GetWindowLongPtrW
LoadStringW
UnregisterDeviceNotification
PostQuitMessage
FindWindowW
TranslateMessage
DispatchMessageW
RegisterDeviceNotificationW
ShowWindow
GetDlgCtrlID
SetWindowLongPtrW
SendMessageW
CreateWindowExW
DestroyWindow
PostMessageW
DefWindowProcW
GetMessageW
GetWindowTextW
EnableWindow
SetForegroundWindow
DialogBoxParamW
GetSysColorBrush
CheckDlgButton
GetDlgItem
LoadIconW
SetFocus
IsDlgButtonChecked
SendDlgItemMessageW
EndDialog
UnregisterClassW
SetWindowTextW
SetDlgItemTextW
RegisterClassExW
SetTimer

msvcrt

?terminate@@YAXXZ
_commode
_fmode
_wcmdln
memcpy
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_wcsicmp
_vsnwprintf
__CxxFrameHandler3
__C_specific_handler
memset

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString

shell32

CommandLineToArgvW
ShellExecuteExW

ntdll

RtlCaptureContext
RtlVirtualUnwind
WinSqmAddToStream
RtlLookupFunctionEntry

uxtheme

OpenThemeData
GetThemeColor
CloseThemeData
GetThemeFont

comctl32

ord345
PropertySheetW
CreatePropertySheetPageW
ord344

crypt32

CryptProtectData
CryptUnprotectData

Exports

Exports

Microsoft_WDF_UMDF_Version

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

781d28469bb74d268eaf05bbbb5da822

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ole32

oleaut32

shell32

ntdll

uxtheme

comctl32

crypt32

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 71KB - Virtual size: 71KB

.reloc Size: 512B - Virtual size: 44B

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 71KB - Virtual size: 71KB

.reloc
Size: 512B - Virtual size: 44B